External Resource:
Office of the Under Secretary of Defense for Acquisition, Technology and Logistics
“Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018); Frequently Asked Questions” Click here or graphic below.
Frequently Asked Questions for Georgia Tech
What is DFARS?
DFARS – Defense Federal Acquisition Regulation Supplement. A supplement to the FAR that provides DoD-specific acquisition regulations that DoD government acquisition officials – and those contractors doing business with DoD – must follow in the procurement process for goods and services.
What is NIST 800-171?
NIST Special Publication 800-171 – Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST 800-171)
- The purpose of this NIST publication is to provide guidance for federal agencies to ensure that certain types of federal information is protected when processed, stored, and used in non-federal information systems.
- NIST 800-171 applies to Controlled Unclassified Information (also called CUI) shared by the federal government with a nonfederal entity.
- Designed to protect CUI in nonfederal IT systems from unauthorized disclosure. There are 14 families of security requirements outlined in NIST 800-171, comprising 109 individual controls.
- Replaces the jumbled patchwork of existing agency rules.
What is Controlled Unclassified Information (CUI)?
Controlled Unclassified Information (CUI) at Georgia Tech can include, but is not limited to,:
- Federally funded research
- Health information
- Student records
- Visa records
Where can I Access the Federal Controlled Unclassified Information Registry?
https://www.archives.gov/cui/registry/category-list
Why is this important to Georgia Tech?
Georgia Tech has a number of research contracts from various sources at any one time, representing a sizable financial funding source to the research community. As competition for future research funding increases, those universities with an existing NIST 800-171 compliance program can leverage that advantage into more contracts. Consequently, a failure to meet existing compliance requirements may result in contract termination and the loss of contract funds.
How do I get a background screening?
Please go to this page on sites.gatech.edu/cui.
Who should I contact for more information?
For additional information, contact compliance@security.gatech.edu.